Re: [VOTE] Release Apache Tomcat 9.0.0.M27
Hi,

here is my test result, although the vote has finished:

The proposed 9.0.0.M27 release is:
[ ] Broken - do not release
[ X ] Alpha - go ahead and release as 9.0.0.M27

Unit test passed.
Our web application works fine.

--
Mark Thomas 2017 Sep 14 (Thu) 02:49 Tomcat Developers List
[VOTE] Release Apache Tomcat 9.0.0.M27

The proposed Apache Tomcat 9.0.0.M27 release is now available for voting.

This is a milestone release for the 9.0.x branch. It should be
noted that, as a milestone release:
- Servlet 4.0 is not finalised
- It is not known if there will be a minor maintenance release for
  JSP 2.4, EL 3.1 or WebSocket 1.2

The major changes compared to the 9.0.0.M26 release are:

- Additional capabilities for the CGI Servlet. Based on patches provided
  by jm009.

- Added support for the OpenSSL SSL_CONF API. To support this the
  minimum required Tomcat Native version is 1.2.14.

Along with lots of other bug fixes and improvements.

For full details, see the changelog:
http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml

It can be obtained from:
https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M27/
The Maven staging repo is:
https://repository.apache.org/content/repositories/orgapachetomcat-1152/
The svn tag is:
http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M27/

The proposed 9.0.0.M27 release is:
[ ] Broken - do not release
[ ] Alpha - go ahead and release as 9.0.0.M27

To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r21712 - /dev/tomcat/tomcat-8/v8.5.21/ /release/tomcat/tomcat-8/v8.5.21/
Author: markt
Date: Tue Sep 19 20:29:38 2017
New Revision: 21712

Log:
Release Apache Tomcat 8.5.21

Added:
    release/tomcat/tomcat-8/v8.5.21/
      - copied from r21711, dev/tomcat/tomcat-8/v8.5.21/
Removed:
    dev/tomcat/tomcat-8/v8.5.21/
[RESULT][VOTE] Release Apache Tomcat 8.5.21
The following votes were cast:

Binding:
+1: rjung, markt, fschumacher, mgrigorov, csutherl, violetagg

Non-binding:
+1: ebourg

The vote therefore passes.

Thank you to everyone who contributed to this release.

Mark
Re: [VOTE] Release Apache Tomcat 9.0.0.M27
2017-09-13 21:49 GMT+03:00 Mark Thomas:
>
> The proposed Apache Tomcat 9.0.0.M27 release is now available for voting.
>
> This is a milestone release for the 9.0.x branch. It should be
> noted that, as a milestone release:
> - Servlet 4.0 is not finalised
> - It is not known if there will be a minor maintenance release for
>   JSP 2.4, EL 3.1 or WebSocket 1.2
>
> The major changes compared to the 9.0.0.M26 release are:
>
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
>
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
>
> Along with lots of other bug fixes and improvements.
>
>
> For full details, see the changelog:
> http://svn.apache.org/repos/asf/tomcat/trunk/webapps/docs/changelog.xml
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-9/v9.0.0.M27/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1152/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tags/TOMCAT_9_0_0_M27/
>
> The proposed 9.0.0.M27 release is:
> [ ] Broken - do not release
> [X] Alpha - go ahead and release as 9.0.0.M27

Regards,
Violeta
[RESULT][VOTE] Release Apache Tomcat 9.0.0.M27
The following votes were cast:

Binding:
+1: markt, rjung, fschumacher, mgrigorov, violetagg

No other votes were cast.

The vote therefore passes.

Thank you to everyone who contributed to this release.
svn commit: r21710 - /dev/tomcat/tomcat-6/
Author: markt
Date: Tue Sep 19 20:28:21 2017
New Revision: 21710

Log:
Tomcat 6 has reached end of life

Removed:
    dev/tomcat/tomcat-6/
svn commit: r21711 - /dev/tomcat/tomcat-9/v9.0.0.M27/ /release/tomcat/tomcat-9/v9.0.0.M27/
Author: markt
Date: Tue Sep 19 20:29:09 2017
New Revision: 21711

Log:
Release Apache Tomcat 9.0.0.M27

Added:
    release/tomcat/tomcat-9/v9.0.0.M27/
      - copied from r21710, dev/tomcat/tomcat-9/v9.0.0.M27/
Removed:
    dev/tomcat/tomcat-9/v9.0.0.M27/
Re: Draft EOL announcement for Tomcat Native 1.1.x
Updated with Konstantin's feedback.

Further comments, feedback etc welcome.

The Apache Tomcat Team announces that support for Apache Tomcat Native
1.1.x will end on 30 September 2018.

This means that after 30 September 2018:
- releases from the 1.1.x branch are highly unlikely
- bugs affecting only the 1.1.x branch will not be addressed
- security vulnerability reports will not be checked against the 1.1.x
  branch
- Apache Tomcat releases of 7.0.x after this date may require 1.2.x as a
  minimum

Three months later (i.e. after 31 December 2018)
- the 1.1.x download pages will be removed
- the latest 1.1.x release will be removed from the mirror system
- the links to the 1.1.x documentation will be removed from
  tomcat.apache.org

The latest binary releases of 1.1.x for Windows are not built with a
current version of OpenSSL and will therefore be removed from the
download pages with immediate effect.

Please also note the following additional information:

Tomcat 8.5.x and 9.0.x require a minimum of Tomcat Native 1.2.x and are
therefore unaffected by this notice.

Tomcat 8.0.x will reach end of life on 30 June 2018 and is therefore
unaffected by this notice.

Only Tomcat 7.0.x is affected by this notice. Tomcat 7.0.x has shipped
with Tomcat Native 1.2.x since 7.0.70 (June 2016).

All 1.1.x releases will always be available from the archive.

Tomcat Native 1.2.x is a drop-in replacement for 1.1.x although it does
require OpenSSL 1.0.2 as a minimum.

All Tomcat Native releases from 1.1.34 onwards have indicated that users
should use 1.2.x in preference to 1.1.x.

The most recent release of 1.1.x (1.1.34) was released in December 2015.

It is likely that 1.1.34 will be the final 1.1.x release unless a
security vulnerability is discovered in 1.1.x that cannot be worked
around without a new release.

-- The Apache Tomcat Team
[SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload
CVE-2017-7674 Apache Tomcat Remote Code Execution via JSP Upload

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 7.0.0 to 7.0.79

Description:
When running on Windows with HTTP PUTs enabled (e.g. via setting the
readonly initialisation parameter of the Default to false) it was
possible to upload a JSP file to the server via a specially crafted
request. This JSP could then be requested and any code it contained
would be executed by the server.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 7.0.81 or later (7.0.80 was not released)

Credit:
This issue was reported responsibly to the Apache Tomcat Security Team
by iswin from 360-sg-lab (360观星实验室)

History:
2017-09-19 Original advisory

References:
[1] http://tomcat.apache.org/security-7.html
[SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure
CVE-2017-7674 Apache Tomcat Information Disclosure

Severity: Important

Vendor: The Apache Software Foundation

Versions Affected:
Apache Tomcat 7.0.0 to 7.0.80

Description:
When using a VirtualDirContext it was possible to bypass security
constraints and/or view the source code of JSPs for resources served by
the VirtualDirContext using a specially crafted request.

Mitigation:
Users of the affected versions should apply one of the following
mitigations:
- Upgrade to Apache Tomcat 7.0.81

Credit:
This issue was identified by the Tomcat Security Team while
investigating CVE-2017-12615.

History:
2017-09-19 Original advisory

References:
[1] http://tomcat.apache.org/security-7.html
Re: [VOTE] Release Apache Tomcat 8.5.21
On Wed, Sep 13, 2017 at 5:02 PM, Mark Thomas wrote:
> The proposed Apache Tomcat 8.5.21 release is now available for voting.
>
> The major changes compared to the 8.5.20 release are:
>
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
>
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.21/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1153/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_21/
>
> The proposed 8.5.21 release is:
> [ ] Broken - do not release
> [x] Stable - go ahead and release as 8.5.21

+1
svn propchange: r1804604 - svn:log
Author: markt Revision: 1804604 Modified property: svn:log Modified: svn:log at Tue Sep 19 11:01:02 2017 -- --- svn:log (original) +++ svn:log Tue Sep 19 11:01:02 2017 @@ -3,3 +3,5 @@ Code clean-up - Correct indent - Consistent use of file() - Add {} to improve readability + +This is part of the fix for CVE-2017-12615 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn propchange: r1804729 - svn:log
Author: markt Revision: 1804729 Modified property: svn:log Modified: svn:log at Tue Sep 19 11:01:39 2017 -- --- svn:log (original) +++ svn:log Tue Sep 19 11:01:39 2017 @@ -1 +1,4 @@ Correct regression in r1804604 that broke WebDAV. + +This is part of the fix for CVE-2017-12615 +This is the fix for CVE-2017-12616 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
svn commit: r1808857 - in /tomcat/site/trunk: docs/security-7.html xdocs/security-7.xml
Author: markt Date: Tue Sep 19 10:57:45 2017 New Revision: 1808857 URL: http://svn.apache.org/viewvc?rev=1808857=rev Log: Add details for CVE-2017-12615 and CVE-2017-12616 Modified: tomcat/site/trunk/docs/security-7.html tomcat/site/trunk/xdocs/security-7.xml Modified: tomcat/site/trunk/docs/security-7.html URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-7.html?rev=1808857=1808856=1808857=diff == --- tomcat/site/trunk/docs/security-7.html (original) +++ tomcat/site/trunk/docs/security-7.html Tue Sep 19 10:57:45 2017 @@ -218,6 +218,9 @@ Apache Tomcat 7.x vulnerabilities +Fixed in Apache Tomcat 7.0.81 + + Fixed in Apache Tomcat 7.0.79 
@@ -377,6 +380,67 @@ + +16 August 2017 Fixed in Apache Tomcat 7.0.81 + + + + +Important: Information Disclosure + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12616; rel="nofollow">CVE-2017-12616 + + + +When using a VirtualDirContext it was possible to bypass security + constraints and/or view the source code of JSPs for resources served by + the VirtualDirContext using a specially crafted request. + + +This was fixed in revision http://svn.apache.org/viewvc?view=revrev=1804729;>1804729. + + +This issue was identified by the Tomcat Security Team on 10 August 2017 + and made public on 19 September 2017. + + +Affects: 7.0.0 to 7.0.80 + + + +Important: Remote Code Execution + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12615; rel="nofollow">CVE-2017-12615 + + + + +Note: The issue below was fixed in Apache Tomcat 7.0.80 but the + release vote for the 7.0.81 release candidate did not pass. Therefore, + although users must download 7.0.81 to obtain a version that includes + the fix for this issue, version 7.0.80 is not included in the list of + affected versions. + + + +When running on Windows with HTTP PUTs enabled (e.g. via setting the + readonly initialisation parameter of the Default to false) + it was possible to upload a JSP file to the server via a specially + crafted request. This JSP could then be requested and any code it + contained would be executed by the server. + + +This was fixed in revisions http://svn.apache.org/viewvc?view=revrev=1804604;>1804604 and + http://svn.apache.org/viewvc?view=revrev=1804729;>1804729. + + +This issue was reported responsibly to the Apache Tomcat Security Team by + iswin from 360-sg-lab (360è§æå®éªå®¤) on 26 July 2017 and made public on 19 + September 2017. 
+ + +Affects: 7.0.0 to 7.0.79 + + + 1 July 2017 Fixed in Apache Tomcat 7.0.79 Modified: tomcat/site/trunk/xdocs/security-7.xml URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-7.xml?rev=1808857=1808856=1808857=diff == --- tomcat/site/trunk/xdocs/security-7.xml (original) +++ tomcat/site/trunk/xdocs/security-7.xml Tue Sep 19 10:57:45 2017 @@ -50,6 +50,48 @@ + + +Important: Information Disclosure + CVE-2017-12616 + +When using a VirtualDirContext it was possible to bypass security + constraints and/or view the source code of JSPs for resources served by + the VirtualDirContext using a specially crafted request. + +This was fixed in revision 1804729. + +This issue was identified by the Tomcat Security Team on 10 August 2017 + and made public on 19 September 2017. + +Affects: 7.0.0 to 7.0.80 + +Important: Remote Code Execution + CVE-2017-12615 + +Note: The issue below was fixed in Apache Tomcat 7.0.80 but the + release vote for the 7.0.81 release candidate did not pass. Therefore, + although users must download 7.0.81 to obtain a version that includes + the fix for this issue, version 7.0.80 is not included in the list of + affected versions. + +When running on Windows with HTTP PUTs enabled (e.g. via setting the + readonly initialisation parameter of the Default to false) + it was possible to upload a JSP file to the server via a specially + crafted request. This JSP could then be requested and any code it + contained would be executed by the server. + +This was fixed in revisions 1804604 and + 1804729. + +This issue was reported responsibly to the Apache Tomcat Security Team by + iswin from 360-sg-lab (360è§æå®éªå®¤) on 26 July 2017 and made public on 19 + September 2017. + +Affects: 7.0.0 to 7.0.79 + + + Moderate: Cache Poisoning - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
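Review bot: The added note for CVE-2017-12615, in both docs/security-7.html and xdocs/security-7.xml, says the issue "was fixed in Apache Tomcat 7.0.80 but the release vote for the 7.0.81 release candidate did not pass", which contradicts the rest of the entry: the section is headed "Fixed in Apache Tomcat 7.0.81" and the same note tells users to download 7.0.81. The failed vote should read 7.0.80 in both files. Separately, the reporter credit appears as "360è§æå®éªå®¤" in both hunks, so it is worth confirming the two files are stored and served as UTF-8 before the page is published.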
[CORRECTION][SECURITY] CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP upload
The body of the original advisory referred to CVE-2017-7674. This was
incorrect. It was a copy and paste error from a previous Tomcat
advisory. The correct CVE reference is CVE-2017-12615, as per the
subject line.

On 19/09/17 11:58, Mark Thomas wrote:
> CVE-2017-12615 Apache Tomcat Remote Code Execution via JSP Upload
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> Apache Tomcat 7.0.0 to 7.0.79
>
> Description:
> When running on Windows with HTTP PUTs enabled (e.g. via setting the
> readonly initialisation parameter of the Default to false) it was
> possible to upload a JSP file to the server via a specially crafted
> request. This JSP could then be requested and any code it contained
> would be executed by the server.
>
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Tomcat 7.0.81 or later (7.0.80 was not released)
>
> Credit:
> This issue was reported responsibly to the Apache Tomcat Security Team
> by iswin from 360-sg-lab (360观星实验室)
>
> History:
> 2017-09-19 Original advisory
>
> References:
> [1] http://tomcat.apache.org/security-7.html
[CORRECTION][SECURITY] CVE-2017-12616 Apache Tomcat Information Disclosure
The body of the original advisory referred to CVE-2017-7674. This was
incorrect. It was a copy and paste error from a previous Tomcat
advisory. The correct CVE reference is CVE-2017-12616, as per the
subject line.

On 19/09/17 11:58, Mark Thomas wrote:
> CVE-2017-7674 Apache Tomcat Information Disclosure
>
> Severity: Important
>
> Vendor: The Apache Software Foundation
>
> Versions Affected:
> Apache Tomcat 7.0.0 to 7.0.80
>
> Description:
> When using a VirtualDirContext it was possible to bypass security
> constraints and/or view the source code of JSPs for resources served by
> the VirtualDirContext using a specially crafted request.
>
> Mitigation:
> Users of the affected versions should apply one of the following
> mitigations:
> - Upgrade to Apache Tomcat 7.0.81
>
> Credit:
> This issue was identified by the Tomcat Security Team while
> investigating CVE-2017-12615.
>
> History:
> 2017-09-19 Original advisory
>
> References:
> [1] http://tomcat.apache.org/security-7.html
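The preconditions the two advisories above state (the affected version range, Windows plus a writable Default servlet for CVE-2017-12615, a VirtualDirContext for CVE-2017-12616) can be checked against a deployment's configuration. This is an added example, not code from the Tomcat project or from the messages above; the function names, the sample web.xml and context.xml, and the treatment of any readonly value other than "true" as writable are assumptions.

```python
import re
import xml.etree.ElementTree as ET

DEFAULT_SERVLET = "org.apache.catalina.servlets.DefaultServlet"
VIRTUAL_DIR_CONTEXT = "org.apache.naming.resources.VirtualDirContext"

# Affected ranges exactly as the two advisories state them (inclusive).
AFFECTED = {
    "CVE-2017-12615": ((7, 0, 0), (7, 0, 79)),
    "CVE-2017-12616": ((7, 0, 0), (7, 0, 80)),
}

# Constructed sample input, not taken from any real deployment.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>listings</param-name><param-value>false</param-value></init-param>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

SAMPLE_CONTEXT_XML = """<Context>
  <Resources className="org.apache.naming.resources.VirtualDirContext"
             extraResourcePaths="/static=C:/shared/static"/>
</Context>"""


def parse_version(text):
    """Turn '7.0.79' into (7, 0, 79) so versions compare numerically."""
    match = re.match(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not match:
        raise ValueError("unrecognised Tomcat version: %r" % text)
    return tuple(int(part) for part in match.groups())


def in_affected_range(cve, version):
    low, high = AFFECTED[cve]
    return low <= parse_version(version) <= high


def _local(tag):
    """Drop the XML namespace so web.xml files of any schema version match."""
    return tag.rsplit("}", 1)[-1]


def _child_text(element):
    return {_local(c.tag): (c.text or "").strip() for c in element}


def writable_default_servlets(web_xml):
    """Names of DefaultServlet declarations that have readonly switched off."""
    names = []
    for servlet in ET.fromstring(web_xml).iter():
        if _local(servlet.tag) != "servlet":
            continue
        fields = _child_text(servlet)
        if fields.get("servlet-class") != DEFAULT_SERVLET:
            continue
        for param in servlet:
            if _local(param.tag) != "init-param":
                continue
            pair = _child_text(param)
            # Assumption: the value is read like Java's Boolean.parseBoolean,
            # so anything other than "true" (any case) leaves PUT enabled.
            if pair.get("param-name") == "readonly" and \
                    pair.get("param-value", "").lower() != "true":
                names.append(fields.get("servlet-name", "?"))
    return names


def uses_virtual_dir_context(context_xml):
    """True if a <Resources> element selects VirtualDirContext."""
    return any(
        _local(el.tag) == "Resources" and el.get("className") == VIRTUAL_DIR_CONTEXT
        for el in ET.fromstring(context_xml).iter()
    )


def audit(version, os_name, web_xml, context_xml):
    """Advisory IDs whose stated preconditions all hold for this deployment."""
    hits = []
    if (in_affected_range("CVE-2017-12615", version)
            and os_name.lower().startswith("windows")
            and writable_default_servlets(web_xml)):
        hits.append("CVE-2017-12615")
    if (in_affected_range("CVE-2017-12616", version)
            and uses_virtual_dir_context(context_xml)):
        hits.append("CVE-2017-12616")
    return hits


if __name__ == "__main__":
    for version in ("7.0.79", "7.0.80", "7.0.81"):
        print(version, audit(version, "Windows Server 2012",
                             SAMPLE_WEB_XML, SAMPLE_CONTEXT_XML))
```

A result of `[]` only means the advisories' stated preconditions are absent from the files inspected; upgrading to 7.0.81 remains the mitigation both advisories give.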
Tagging Tomcat 7/8.0
Hi,

I'm planning to start preparing Tomcat 7/8.0 for a release later today.
If you would like to include something in addition, please reply here.

Regards,
Violeta
svn commit: r1808880 - in /tomcat/tc8.5.x/trunk: java/org/apache/tomcat/util/http/ServerCookies.java webapps/docs/changelog.xml
Author: csutherl Date: Tue Sep 19 14:07:02 2017 New Revision: 1808880 URL: http://svn.apache.org/viewvc?rev=1808880=rev Log: Update fix for bug 59904 so that values less than zero are accepted instead of throwing a NegativeArraySizeException. Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/ServerCookies.java tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Modified: tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/ServerCookies.java URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/ServerCookies.java?rev=1808880=1808879=1808880=diff == --- tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/ServerCookies.java (original) +++ tomcat/tc8.5.x/trunk/java/org/apache/tomcat/util/http/ServerCookies.java Tue Sep 19 14:07:02 2017 @@ -49,7 +49,7 @@ public class ServerCookies { } if (cookieCount >= serverCookies.length) { -int newSize = Math.min(2*cookieCount, limit); +int newSize = limit > -1 ? Math.min(2*cookieCount, limit) : 2*cookieCount; ServerCookie scookiesTmp[] = new ServerCookie[newSize]; System.arraycopy(serverCookies, 0, scookiesTmp, 0, cookieCount); serverCookies = scookiesTmp; Modified: tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml?rev=1808880=1808879=1808880=diff == --- tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml (original) +++ tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml Tue Sep 19 14:07:02 2017 @@ -59,6 +59,14 @@ + + + +Update fix for 59904 so that values less than zero are accepted +instead of throwing a NegativeArraySizeException. (remm) + + + - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
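Review bot: In the ServerCookies.java hunk, the test "limit > -1" sends a limit of 0 down the Math.min branch, so newSize becomes 0 and the System.arraycopy of cookieCount entries on the following line would fail for any cookieCount above zero, unless the check that closes just above the hunk already rejects that case; please confirm which it is. The meaning of a negative limit (no cap, the array simply doubles) is only implied by the ternary, so a one-line comment on the newSize assignment stating that convention would make the intent explicit.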
svn commit: r1808881 - in /tomcat/trunk: ./ java/org/apache/tomcat/util/http/ServerCookies.java webapps/docs/changelog.xml
Author: csutherl Date: Tue Sep 19 14:10:12 2017 New Revision: 1808881 URL: http://svn.apache.org/viewvc?rev=1808881=rev Log: Cherry-pick r1808880 from 8.5.x/trunk Modified: tomcat/trunk/ (props changed) tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookies.java tomcat/trunk/webapps/docs/changelog.xml (contents, props changed) Propchange: tomcat/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Sep 19 14:10:12 2017 @@ -1 +1 @@ -/tomcat/tc8.5.x/trunk:1802799 +/tomcat/tc8.5.x/trunk:1802799,1808880 Modified: tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookies.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookies.java?rev=1808881=1808880=1808881=diff == --- tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookies.java (original) +++ tomcat/trunk/java/org/apache/tomcat/util/http/ServerCookies.java Tue Sep 19 14:10:12 2017 @@ -49,7 +49,7 @@ public class ServerCookies { } if (cookieCount >= serverCookies.length) { -int newSize = Math.min(2*cookieCount, limit); +int newSize = limit > -1 ? Math.min(2*cookieCount, limit) : 2*cookieCount; ServerCookie scookiesTmp[] = new ServerCookie[newSize]; System.arraycopy(serverCookies, 0, scookiesTmp, 0, cookieCount); serverCookies = scookiesTmp; Modified: tomcat/trunk/webapps/docs/changelog.xml URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1808881=1808880=1808881=diff == --- tomcat/trunk/webapps/docs/changelog.xml (original) +++ tomcat/trunk/webapps/docs/changelog.xml Tue Sep 19 14:10:12 2017 @@ -74,6 +74,14 @@ + + + +Update fix for 59904 so that values less than zero are accepted +instead of throwing a NegativeArraySizeException. (remm) + + + Propchange: tomcat/trunk/webapps/docs/changelog.xml -- --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Sep 19 14:10:12 2017 
@@ -1 +1 @@ -/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml:1781934 +/tomcat/tc8.5.x/trunk/webapps/docs/changelog.xml:1781934,1808880 - To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
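Review bot: The Modified list for this cherry-pick contains only ServerCookies.java and changelog.xml, so the negative-limit path that the log says used to throw NegativeArraySizeException lands on trunk without a test. A unit test that adds more cookies than the initial array holds with a limit below zero would pin the behaviour on this branch as well as on 8.5.x. The changelog entry credits "(remm)" while the commit author is csutherl; if that is intentional, a word in the log message would avoid confusion.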
svn commit: r1808887 - in /tomcat/tc7.0.x/trunk: ./ java/org/apache/tomcat/util/http/Cookies.java webapps/docs/changelog.xml
Author: csutherl Date: Tue Sep 19 14:22:06 2017 New Revision: 1808887 URL: http://svn.apache.org/viewvc?rev=1808887=rev Log: Update fix for bug 59904 so that values less than zero are accepted instead of throwing a NegativeArraySizeException. Modified: tomcat/tc7.0.x/trunk/ (props changed) tomcat/tc7.0.x/trunk/java/org/apache/tomcat/util/http/Cookies.java tomcat/tc7.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc7.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Sep 19 14:22:06 2017 
svn commit: r1808884 - in /tomcat/tc8.0.x/trunk: ./ java/org/apache/tomcat/util/http/ServerCookies.java webapps/docs/changelog.xml
Author: csutherl Date: Tue Sep 19 14:17:12 2017 New Revision: 1808884 URL: http://svn.apache.org/viewvc?rev=1808884=rev Log: Update fix for bug 59904 so that values less than zero are accepted instead of throwing a NegativeArraySizeException. Modified: tomcat/tc8.0.x/trunk/ (props changed) tomcat/tc8.0.x/trunk/java/org/apache/tomcat/util/http/ServerCookies.java tomcat/tc8.0.x/trunk/webapps/docs/changelog.xml Propchange: tomcat/tc8.0.x/trunk/ -- --- svn:mergeinfo (original) +++ svn:mergeinfo Tue Sep 19 14:17:12 2017 
Re: [VOTE] Release Apache Tomcat 8.5.21
2017-09-14 0:02 GMT+03:00 Mark Thomas:
>
> The proposed Apache Tomcat 8.5.21 release is now available for voting.
>
> The major changes compared to the 8.5.20 release are:
>
> - Additional capabilities for the CGI Servlet. Based on patches provided
>   by jm009.
>
> - Added support for the OpenSSL SSL_CONF API. To support this the
>   minimum required Tomcat Native version is 1.2.14.
>
> Along with lots of other bug fixes and improvements.
>
>
> It can be obtained from:
> https://dist.apache.org/repos/dist/dev/tomcat/tomcat-8/v8.5.21/
> The Maven staging repo is:
> https://repository.apache.org/content/repositories/orgapachetomcat-1153/
> The svn tag is:
> http://svn.apache.org/repos/asf/tomcat/tc8.5.x/tags/TOMCAT_8_5_21/
>
> The proposed 8.5.21 release is:
> [ ] Broken - do not release
> [X] Stable - go ahead and release as 8.5.21

Regards,
Violeta